Rewterz Threat Advisory – CVE-2021-23055 – F5 NGINX Ingress Controller

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

November 11, 2021

Rewterz Threat Advisory – Multiple Zoom Vulnerabilities

November 11, 2021

Rewterz Threat Advisory – CVE-2021-23055 – F5 NGINX Ingress Controller

Severity

Medium

Analysis Summary

CVE-2021-23055

F5 NGINX Ingress Controller could allow a remote authenticated attacker to obtain sensitive information, caused by an issue with Ingress resources can be configured without setting the -enable-snippets command-line argument. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to secret information, and use this information to launch further attacks against the affected system.

Impact

Information Disclosure

Affected Vendors

Affected Products

F5 NGINX Ingress Controller 1.0.0
F5 NGINX Ingress Controller 1.12.2
F5 NGINX Ingress Controller 2.0.0
F5 NGINX Ingress Controller 2.0.2

Remediation

Refer to F5 Security Advisory for patch, upgrade, or suggested workaround information.

https://support.f5.com/csp/article/K01051452

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

Rewterz Threat Advisory – Multiple Zoom Vulnerabilities

Rewterz Threat Advisory – CVE-2021-23055 – F5 NGINX Ingress Controller

Severity

Analysis Summary

CVE-2021-23055

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan